Here is a really good list of steps to help keep you safe from ransomware. The article is long, but stick with it and read all the headings – there are some good ideas you can easily implement. There are also some suggestions that are hard to stomach, but knowledge is power.

Personally, I use Time Capsule (network backup solution) for my Mac and it is a bummer to think that ransomware could find this network device and encrypt my backups too. I’ve taken to making a monthly snapshot on a USB drive for worst-case recovery.

The US FDIC has recently come under fire for a series of insider data leakages. Getting hacked by your own employees is the elephant in the room for every organization. We harden our organizations from outside attacks, but insiders need efficient access to data in order to do their jobs.

One of the big changes happening at FDIC is disabling removable storage like USB keys and drives. I’ll be curious to see how this works from both an efficiency and effectiveness standpoint.

In most of my dealings (with smaller companies), the thought of clamping down on removable media is impractical. Anyone who has millennials in their workforce knows that restrictive technology policies are anathema to these energetic workers. Check out this excerpt from Fortune magazine.

The companies that top Great Place to Work’s first-ever ranking of the 100 Best Workplaces for Millennials stand out for their ability to engage this generation, recognize their talents and give them a significant role where they can make a difference. At these companies, pay, profit sharing, and promotion decisions are executed fairly; everyone gets a shot at special recognition; and workers have a say in decisions that affect them. These workplaces exhibit strong, open, two-way communication; a high tolerance for risk-taking; high levels of cooperation and support among employees; and reduced roadblocks to innovation, such as internal politics.

The best solutions I’ve found for insider threats are training and strong corporate culture. Make sure your employees know the policies and that your culture promotes the benefits of protecting all that information they are entrusted to access. Protecting your organization from insider leaks with technology is super difficult — and it won’t prevent a determined insider from getting data out.

My favorite finding from ReversingLabs is that the most exploited bug in 2015 was the same as in 2014 — it was discovered in 2011 and patched in 2012 and again in 2015. CVE-2010-2568 is an old Windows shell bug with .pif files. Patch this now!

Not sure exactly what it says about ReversingLabs’ clients that they have all this data and yet can’t deploy this patch.

It should have been a great night for Laremy Tunsil, the offensive lineman from Ole Miss. He was drafted #13 by the Miami Dolphins in the 2016 NFL Draft.

Unfortunately, his Twitter and Instagram accounts were “hacked”. Looks to me like somebody got access to his iPhone. Three possible lessons from an information security perspective:

Make sure you have a passcode or biometric security on your phone. Nobody should know your code; not your best friend, not your girlfriend, not your kids, maybe your spouse.

Strong, unique passwords and two-factor authentication can prevent somebody who discovers one password (like Twitter) from logging into other accounts (like Instagram). Of course this doesn’t matter if a mean person has your unlocked phone.

Never post anything to social media unless you’d be happy to see it on the front page of the NY Daily News.

There are lots of other lessons to be gleaned from this incident. I’ll leave that to the sports writers. However, I hope the media shines a spotlight on the system and not just a kid who accidentally disclosed the realities of high stakes college athletics.

Cyber criminals have so many tools that we need an additional layer of protection. If Facebook can have hackers lurking inside their network for months, what makes you so sure your network is safe?

I’m advising all my clients and companies to enable 2-Factor Authentication on all systems. This and strong unique passwords give me peace of mind that a compromise of my username and password does not expose me to cascading risks in other systems.

I’m always watching the boards and blogs for news about new security threats. Today, I read about CryptXXX and it is really scary. This ransomware is transmitted by drive-by-download but look for phishing scams soon.

The tricky part is managing the stored credentials behind the scenes. Seems like the Google SQL Command Line Tool only supports 1 login at a time. If you are like me and do projects for multiple clients, then you need multiple Google Account logins.

What works pretty easily is swapping out the credential file behind the scenes. Take a look here to find where the Command Line Tool is storing its credential:

You can set up the Command Line Tool using your first account, then rename the resulting credential file (or Registry Key in Windows). Set up the Command Line Tool again using your next account, then rename the credential file/key to something else. Now you can swap your active credential by swapping in the right file/key. Symbolic links work in Mac/Linux, .reg files to set the right key should work in Windows.
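The Mac/Linux symlink variant of this swap, as an added example that is not part of the original post: each account's credential is parked in an owner-only profile directory and the tool's credential path becomes a symlink to the active one. CRED_LINK and PROFILE_DIR are placeholder paths and the function names are hypothetical; set CRED_LINK to wherever your install actually writes its credential.

```sh
#!/bin/sh
# CRED_LINK and PROFILE_DIR are placeholders (assumptions), not the tool's
# documented locations.
CRED_LINK="${CRED_LINK:-$HOME/.example_sql_tool_credential}"
PROFILE_DIR="${PROFILE_DIR:-$HOME/.sql_tool_profiles}"

# save_profile NAME: move the credential the tool just wrote into the
# profile store with owner-only permissions, so the next setup starts clean.
save_profile() {
    name=$1
    case $name in ''|*/*|.*) echo "bad profile name" >&2; return 2 ;; esac
    [ -f "$CRED_LINK" ] && [ ! -L "$CRED_LINK" ] || {
        echo "no freshly written credential at $CRED_LINK" >&2; return 1; }
    mkdir -p "$PROFILE_DIR" && chmod 700 "$PROFILE_DIR" || return 1
    mv "$CRED_LINK" "$PROFILE_DIR/$name" && chmod 600 "$PROFILE_DIR/$name"
}

# use_profile NAME: point the tool's credential path at a saved profile.
use_profile() {
    name=$1
    case $name in ''|*/*|.*) echo "bad profile name" >&2; return 2 ;; esac
    target="$PROFILE_DIR/$name"
    [ -f "$target" ] || { echo "unknown profile: $name" >&2; return 1; }
    # Refuse to clobber a regular file: it may be a credential not yet saved.
    if [ -e "$CRED_LINK" ] && [ ! -L "$CRED_LINK" ]; then
        echo "$CRED_LINK is a regular file; save_profile it first" >&2
        return 1
    fi
    chmod 600 "$target" || return 1
    # Create the new link under a temporary name, then rename it into place
    # so the credential path is never missing in between.
    tmp="$CRED_LINK.tmp.$$"
    ln -s "$target" "$tmp" && mv -f "$tmp" "$CRED_LINK"
}

# active_profile: print the name of the profile currently linked in.
active_profile() {
    [ -L "$CRED_LINK" ] || return 1
    basename "$(readlink "$CRED_LINK")"
}
```

Run the tool's setup for one account, call `save_profile client-a`, repeat for the next account, then switch with `use_profile client-a`.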

Once you have the right Credential in place, tell PyCharm about the Google Command Line Tool .jar database connector file and you are good to go. Here’s a picture of my setup.